Apple Confuses Speech with a DMCA Violation

Slashdot reports that Apple has sent a "cease and desist" email to bluwiki, a public wiki site, demanding the removal of postings there by those who are trying to figure out how to write software that can sync media to the latest versions of the iPhone and iPod Touch.

Short answer: Apple doesn't have a DMCA leg to stand on.

At the heart of this is the iTunesDB file, the index that the iPod operating system uses to keep track of what playable media is on the device. Unless an application can write new data to this file, it won't be able to "sync" music or other content to an iPod. The iTunesDB file has never been encrypted and is relatively well understood. In iPods released after September 2007, however, Apple introduced a checksum hash to make it difficult for applications other than iTunes to write new data to the iTunesDB file, thereby hindering an iPod owner's ability to use alternative software (like gtkpod, Winamp, or Songbird) to manage the files on her iPod.

The original checksum hash was reverse engineered in less than 36 hours. Apple, however, has recently updated the hashing mechanism in the latest versions of the iPhone and iPod Touch. Those interested in using software other than iTunes to sync files to these new iPods will need to reverse engineer the hash again. Discussions about that process were posted to the public bluwiki site. Although it doesn't appear that the authors had yet figured out the new iTunesDB hashing mechanism, Apple's lawyers nevertheless sent a nastygram to the wiki administrator, who took down the pages in question.

No person shall manufacture, import, offer to the public, provide, or otherwise traffic in any technology, product, service, device, component, or part thereof, that ... is primarily designed or produced for the purpose of circumventing protection afforded by a technological measure that effectively protects a right of a copyright owner....

The information posted on the wiki appeared to be text, along with some illustrative code. Nothing that I saw on the pages I was able to review would appear to constitute a "technology, product, service, device, component, or part thereof." In fact, the authors had apparently not yet succeeded in their reverse engineering efforts and were simply discussing Apple's code obfuscation techniques. If Apple is suggesting that the DMCA reaches people merely talking about technical protection measures, then they've got a serious First Amendment problem.

Who owns the copyrighted work?

The iTunesDB file is not authored by Apple, nor does it appear that Apple has any copyright interest in it. Instead, the iTunesDB file on every iPod is the result of the individual choices each iPod owner makes in deciding what music and other media to put on her iPod. In other words, the iTunesDB file is to iTunes as this blog post is to Safari -- when I use Safari to produce a new work, I own the copyright in the resulting file, not Apple.

So if the iTunesDB file is the copyrighted work being protected here, then the iPod owner has every right to circumvent the protection measure, since they own the copyright to the iTunesDB file on their own iPod.

Where's the access control?

The contents of the iTunesDB file is not protected at all -- any application can read it. So, as a result, the obfuscation and hashing mechanisms used by Apple to prevent people from writing to the file cannot qualify as "access controls" protected by Section 1201(a) of the DMCA.

Apple might argue that the checksum hash prevents people from preparing derivative works, which means that it's a "technological measure that effectively protects the right of a copyright owner" (as noted above, however, it's the user, not Apple, who owns any copyright in the iTunesDB file). The DMCA, however, does not prohibit circumvention of technical measures that are not access controls, although it does restrict trafficking in tools that circumvent these measures. But, as mentioned above, there are no "tools" on the bluwiki pages.

What about the reverse engineering exemption?

Apple's lawyers also appear to have overlooked the DMCA's reverse engineering exception, 17 U.S.C. 1201(f), which permits individuals to circumvent technological measures and distribute circumvention tools "for the purpose of enabling interoperability of an independently created computer program with other programs, if such means are necessary to achieve such interoperability, to the extent that doing so does not constitute [copyright] infringement."

Enabling iPods to interoperate with "independently created computer programs" (like gtkpod, Winamp, and Songbird) is precisely what the reverse engineering exception was intended to protect.

Where's the nexus to infringement?

Finally, Apple's DMCA theory fails because any "circumvention" that might be involved here has no connection to any potential copyright infringement. Two decisions by federal courts of appeal (1, 2) have held that without a nexus to potential infringement, there is no violation of the DMCA. And here, it's hard to see how reverse engineering the iTunesDB checksum hash can lead to any infringement of the iTunesDB file -- after all, the reverse engineers presumably aren't interested in making piratical copies of the iTunesDB file. Instead, they just want to sync their iPhones and iPods using software other than iTunes. No infringement there.

Of course, without more than the bare "cease and desist" emails sent by Apple's lawyers to bluwiki, we can't know for certain what other DMCA arguments they may have had in mind. But I certainly can't see any DMCA violation here based on Apple's nastygrams thus far.

The U.S. Copyright Office just released a long-awaited report about Section 1201, the law that bans circumventing digital restrictions on copyrighted works. Despite years of evidence that the social costs of the law far outweigh any benefits, the Copyright Office is mostly happy with the law as...

Mandatory Filtering Proposals Curb CompetitionWhen looking at a proposed policy regulating Internet businesses, here’s a good question to ask yourself: would this bar new companies from competing with the current big players? Google will probably be fine, but what about the next Google?In the past few years, some large movie...

Mitch Stoltz, senior staff attorney with the Electronic Frontier Foundation, pointed to one court case where T-shirts overall had been tested. And in Kienitz v. Sconnie Nation, LLC, the court ruled in favor of a shirt that used another photographer's photo as the basis for the design. Stoltz also...

Major record labels are once again trying to force an Internet service provider into enforcing their copyrights by cutting off customers from the Internet over copyright accusations. The suit is led by a group of record labels including UMG Recordings, Warner Brothers Records, Sony Music Entertainment, and Arista Music. The...

The latest episode of the technology podcast Reply All features an excellent summary of some of the issues with the World Wide Web Consortium's current project to create a standard for restricting the use of videos on the web; we've created this post for people who've just listened to...

The “notice-and-takedown” process for addressing online copyright infringement isn’t perfect: it’s often abused to remove lawful speech from the Internet. But it many cases this process, described in Section 512 of the Digital Millennium Copyright Act (DMCA), works pretty well—particularly because of the safe harbors that protect Internet services that...

Rep. Blake Farenthold (R-Texas) and Jared Polis (D-Colo.) just re-introduced their You Own Devices Act (YODA), a bill that aims to help you reclaim some of your ownership rights in the software-enabled devices you buy. We first wrote about YODA when it was originally introduced back in 2014...